package com.atlassian.crowd.directory.authentication.impl;

import com.atlassian.crowd.directory.authentication.UserCredentialVerifier;
import com.atlassian.crowd.directory.rest.endpoint.AzureApiUriResolver;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.microsoft.aad.msal4j.MsalInteractionRequiredException;
import com.microsoft.aad.msal4j.PublicClientApplication;
import com.microsoft.aad.msal4j.UserNamePasswordParameters;
import java.util.Collections;
import java.util.concurrent.ExecutionException;

/* loaded from: input_file:com/atlassian/crowd/directory/authentication/impl/MsalUserCredentialVerifier.class */
public class MsalUserCredentialVerifier implements UserCredentialVerifier {
    private final PublicClientApplication publicClientApplication;
    private final AzureApiUriResolver endpointDataProvider;

    public MsalUserCredentialVerifier(PublicClientApplication publicClientApplication, AzureApiUriResolver azureApiUriResolver) {
        this.publicClientApplication = publicClientApplication;
        this.endpointDataProvider = azureApiUriResolver;
    }

    @Override // com.atlassian.crowd.directory.authentication.UserCredentialVerifier
    public void checkUserCredential(String str, PasswordCredential passwordCredential) throws InvalidAuthenticationException, OperationFailedException {
        try {
            this.publicClientApplication.acquireToken(UserNamePasswordParameters.builder(Collections.singleton(this.endpointDataProvider.getScopeUrl()), str, passwordCredential.getCredential().toCharArray()).build()).get();
        } catch (InterruptedException e) {
            throw new OperationFailedException(e);
        } catch (ExecutionException e2) {
            if (!(e2.getCause() instanceof MsalInteractionRequiredException)) {
                throw new OperationFailedException(e2);
            }
            throw new InvalidAuthenticationException("Could not authenticate user " + str, e2);
        }
    }
}
